Supported Xen Project 4.4 series
The Xen Project 4.4 release incorporates many new features and improvements to existing features.
- For a description of Xen Project 4.4 features see the Xen Project 4.4 Feature List.
- For system limits and headline features also see the Xen Project 4.4 Feature Matrix.
- Xen Project 4.4 Release Notes
For Xen Project 4.4 documentation see
- Xen Project 4.4 Man Pages
- For other documents related to Xen 4.4 features read Xen Project 4.4 Documents on our wiki.
For a breakdown of contributions to Xen 4.4 check out the Xen Project 4.4 Acknowledgements.
We are pleased to announce the release of Xen 4.4.1. This is available immediately from its git repository http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.4 (tag RELEASE-4.4.1)
This release fixes the following critical vulnerabilities:
- CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
- CVE-2014-3125 / XSA-91 Hardware timer context is not properly context switched on ARM
- CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be created
- CVE-2014-2915 / XSA-93 Hardware features unintentionally exposed to guests on ARM
- CVE-2014-2986 / XSA-94 ARM hypervisor crash on guest interrupt controller access
- CVE-2014-3714,CVE-2014-3715,CVE-2014-3716,CVE-2014-3717 / XSA-95 input handling vulnerabilities loading guest kernel on ARM
- CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
- CVE-2014-3969 / XSA-98 insufficient permissions checks accessing guest memory on ARM
- CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests
- CVE-2014-4022 / XSA-101 information leak via gnttab_setup_table on ARM
- CVE-2014-5147 / XSA-102 Flaws in handling traps from 32-bit userspace on 64-bit ARM
- CVE-2014-5148 / XSA-103 Flaw in handling unknown system register access from 64-bit userspace on ARM Additionally a workaround for CVE-2013-3495 / XSA-59 (Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts) has been put in place. However, at this point we can't guarantee that all affected chipsets are being covered; Intel is working diligently on providing us with a complete list. Apart from those there are many further bug fixes and improvements.
We recommend all users of the 4.4 stable series to update to this first point release.